PowerKVM is affected by a vulnerability in sudo. IBM has now addressed this vulnerability, which is described by two CVEs.
CVEID: CVE-2017-1000367**
DESCRIPTION:** sudo could allow a local attacker to gain elevated privileges, caused by improper parsing in the get_process_ttyname() function for Linux. An attacker with privileges to execute commands could exploit this vulnerability to overwrite any file on the filesystem with his command’s output and gain root privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126527 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID: CVE-2017-1000368**
DESCRIPTION:** sudo could allow a local attacker to gain elevated privileges, caused by improper parsing in the get_process_ttyname() function for Linux. An attacker with privileges to execute commands could exploit this vulnerability to overwrite any file on the filesystem with his command’s output and gain root privileges on the system.
CVSS Base Score: 7.8
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/127578 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
PowerKVM 2.1 and 3.1
Customers can update PowerKVM systems by using “yum update”.
Fix images are made available via Fix Central. For version 3.1, see https://ibm.biz/BdHggw. This issue is addressed starting with v3.1.0.2 update 8.
For version 2.1, see https://ibm.biz/BdEnT8. This issue is addressed starting with PowerKVM 2.1.1.3-65 update 17. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1.
For v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions.
none